Fortinet prevents Pharming, offers new guidelines for protection
Thursday, 9 June 2005 04:42 EST



SYDNEY, June 9, 2005 – Fortinet, the pioneer and market leader of Unified Threat Management, today is confirming its FortiGate™ systems, which are security appliances that provide integrated security applications, help to defeat the growing threat of a new form of malicious electronic crime - ‘Pharming.’

Fortinet is complementing its integrated security applications with a new educational paper that offers enterprises, service providers and individual users a five-step method for identifying the difficult-to-detect phenomenon (detailed below).

Pharming is a highly sophisticated extension of the online confidence scam ‘Phishing’ and is best confined through a ‘blended network security response’ that eliminates threats including DNS poisoning, Trojan horse programs and key-logging spyware. During 2004, Gartner publicly reported that related crimes such as Phishing, in which criminals use misleading e-mail and Websites to dupe individuals into sharing personal data like passwords, accounted for a staggering $US2.4 billion in fraud, or an average of $US1,200 per victim, during the past 12 months.

Unlike Phishing, Pharming attacks hide silently in a network-connected computer and ‘harvest’ personal financial details of the users’ regular Web surfing activities. Users requesting a bona fide Website are unknowingly sent to a fake Website that mirrors a legitimate site. Once the pharming scheme is planted, malicious activity can be launched against a wide number of sites that the user may visit on a regular basis totally unknown to that user.

Pharming attacks are carried out using sophisticated blended attacks against DNS servers, typically involving DNS cache poisoning. Fortinet’s FortiGate integrated security appliances can be used to secure DNS servers with stateful firewall rules and provide antivirus and intrusion prevention (IPS) to stop attacks. In some Pharming attacks, spyware or Trojan applications installed on end hosts have also been used to perform keystroke logging and Website redirection without the user being aware. In these instances, users deploying Fortinet’s FortiGate systems on their network and/or FortiClient Host Security software on their desktop can receive immediate antivirus and IPS signatures from the 24/7 FortiGuardCenter.

To help eliminate the growing Pharming threat, Fortinet has released the following five-step guide to identifying whether a given Website being visited is part of a Pharming attack:

THE 5 WAYS TO SPOT A PHARMING WEBSITE

1) It doesn’t ‘feel’ quite right. The login process, verification or information displayed will not look precisely the same as the legitimate site.

2) It asks for more than is necessary. Pharming sites will most likely ask for additional verification or personal information that is not normally required.

3) There is no SSL padlock on the browser. Legitimate websites requesting confidential information will always encrypt the session with Secure Sockets Layer (SSL). Look for the ‘padlock’ icon on your browser and double click on the padlock to verify the SSL certificate.

4) There is no ‘HTTPS’ for ‘secure’ in the address bar URL. On a safe site, the browser URL should contain the prefix https:// in the address bar. Pharmed sites do not normally have SSL certificates and will remain as http:// even when you are requested to submit confidential data.

5) The browser alerts you to an SSL certificate problem. Spoofed SSL certificates should cause your browser to display a security alert message. Rather than ignore it, users should take the opportunity to check the certificate and take this as an obvious sign of a fraudulent website.

“Combining human engineering approaches with the proliferation of advanced virus code, the growing sophistication of malicious e-crime techniques is too much for many popular Internet security solutions,” said Adam Stein, Fortinet’s vice president of marketing. “While users need to be aware of the warning signs of Pharming, enterprises and service providers must increase their efforts to educate users about countering blended attacks with blended responses incorporating antivirus, intrusion prevention (IPS), firewall and other security measures for complete content protection of network traffic.”

Fortinet offers more information on how to defend against Pharming attacks with FortiGate systems in its online Knowledge Center at: http://kc.forticare.com/default.asp?id=866&Lang=1.

For more information on Fortinet’s FortiGate systems and FortiClient software, please visit: www.fortinet.com/products.

About Fortinet (www.fortinet.com) Fortinet is the pioneer and market leader of Unified Threat Management. Its award-winning FortiGate Series of ASIC-accelerated antivirus firewalls, winner of the 2003 Networking Industry Awards Firewall Product of the Year and the 2004 Security Product of the Year Award from Network Computing Magazine, are the new generation of real-time network protection systems. They detect and eliminate the most damaging, content-based threats from e-mail, Web and file transfer traffic such as viruses, worms, intrusions, inappropriate Web content and more in real time – without degrading network performance. FortiGate systems are the only security products that are certified by the ICSA (antivirus, firewall, IPSec, SSL VPN), and deliver a full range of network-level and application-level services in integrated, easily managed platforms. Named to the Red Herring Top 100 Private Companies, Fortinet is privately held and based in Sunnyvale, California.